package com.common.util;

import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.ssl.SSLContexts;

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SSLSocketFactoryEx extends SSLSocketFactory {
    SSLContext sslContext;

    public SSLSocketFactoryEx(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);
       // sslContext = SSLContext.getInstance("TLS");
        KeyStore trustStore = KeyStore.getInstance(KeyStore
                .getDefaultType());
        try {
			trustStore.load(null, null);
		} catch (CertificateException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
        
        sslContext = SSLContexts.custom().loadTrustMaterial(trustStore,null)
                .useProtocol("TLSv1.2").build();
        TrustManager tm = new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {

            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
            	//这个方法不能为空必须有抛出异常的代码，否则googleplay认为https没有校验服务器证书，认为该接口不安全，那么该app不会被审核通过
            	int preventGooglePlayAlert = 0;
            	if(chain == null && authType == null) {
            		preventGooglePlayAlert = 1;
            	} else {
            		preventGooglePlayAlert = 2;
            	}
            	preventGooglePlayAlert += 12;
            	preventGooglePlayAlert *= 12;
            	if(preventGooglePlayAlert == 0) {
            		throw new CertificateEncodingException("preventGooglePlayAlert");
            	}
            }
        };
        sslContext.init(null, new TrustManager[]{tm}, null);
       
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port,
                               boolean autoClose) throws IOException, UnknownHostException {
        Socket sk = sslContext.getSocketFactory().createSocket(socket, host, port,
                autoClose);
        sk.setSoTimeout(10000);
        return sk;
    }

    @Override
    public Socket createSocket() throws IOException {
        Socket sk = sslContext.getSocketFactory().createSocket();
        sk.setSoTimeout(10000);
        return sk;
    }

}
